While the steady performance of most large Federal agencies on the latest version of the FITARA Scorecard drew notes of praise from leaders of the House Government Operations Subcommittee at their July 28 hearing to review the grades, the central focus on the hearing – cybersecurity and IT modernization – got the most attention from private sector tech leaders.
On the modernization front, Federal CIO Clare Martorana updated the subcommittee on the $2.1 billion of Technology Modernization Fund (TMF) proposals that her office is currently working through to jumpstart Federal agency IT modernization. Those proposals are focusing in large part on improving cybersecurity, citizen service, and taking an enterprise approach to implementation.
At the same time, subcommittee Chairman Gerry Connolly, D-Va., and Ranking Member Jody Hice, R-Ga., talked about ways to adjust the FITARA Scorecard process to shed more light on how agencies are working to improve cybersecurity.
MeriTalk is putting the spotlight on all of the emerging developments with TMF in our first TMF Forward event scheduled for December 16. The event will showcase the tangible value of TMF in driving IT modernization forward, and will feature some of the leading technology voices in Congress including Reps. Gerry Conolly, D-Va., and Jim Langevin, D-R.I. Interested in joining us? Check out more information here.
Cyber Focus
Outside the hearing room, providers of IT and security technologies to the government came away with urgency on the cybersecurity issues.
“We should be laser-focused on the cyber scores – where can we improve and what can we do differently,” commented Stephen Kovac, Vice President of Global Government and Head of Corporate Compliance at Zscaler.
“There are key initiatives underway – the Cybersecurity EO’s zero trust requirements, CISA’s important efforts on TIC 3.0 modernization, and the NIST NCCoE Zero Trust Architecture project just announced,” he said. “We are proud to collaborate with NIST and other leaders on this effort, a concrete step to take advantage of Zero Trust. We had Cloud First. We have Cloud Smart. And now we can all push forward together to achieve Cloud Secure.”
“The cyber scores should take into consideration agencies’ ability to quickly recover from cyberattacks,” suggested Mike Wiseman, Vice President, Public Sector at Pure Storage.
“Recent high-profile attacks have left agencies wondering if their cyber infrastructure is stable enough to protect valuable data,” he said. “But, data protection alone isn’t enough. There needs to be a focus on establishing robust backup and rapid restore capabilities. Agencies must be investing in solutions that get ahead of the attack, with security built into the platform, it is easier to minimize downtime and get systems back online more efficiently and effectively.”
Modernization Priorities
Cybersecurity improvements go hand-in-hand with modernization strategies, said Matt Marsden, Vice President, Technical Account Management, Federal, at Tanium. “As laid out in the hearing, cybersecurity is the immediate priority in Federal IT – and improvement starts with IT modernization. But first, we must make informed decisions to prioritize modernization efforts,” he said.
“We know some legacy systems prevented the continuity of government operations when the pandemic hit,” he said. “If you don’t have comprehensive visibility over your assets and real-time data about the health and performance of those assets you aren’t able to adapt quickly enough to events like the pandemic or the rapid shift to telework. Agencies must be able to quickly gather real-time, actionable data on the state of an endpoint to prioritize modernization efforts.”
Matt Glenn, Senior Vice President of Product Management at Illumio, pointed to agency FITARA performance under pandemic conditions which spurred quick modernization steps.
“The FITARA 12.0 scorecard reflects efforts through a unique timeframe,” Glenn said. “Agencies leaned on modernization progress to date, accelerated efforts, and we all saw the importance of resilient, modern systems to the mission – and that modernization effort needs to be protected.”
“We continue to see the security impact of the distributed workforce and cloud environment growth,” he continued. “The FITARA cyber scores show some, but not all, of the picture. If agencies take the steps the Biden Administration recommended in the recent Executive Order on cybersecurity and supply chain security – including adopting Zero Trust strategies, protecting high-value assets with segmentation, and improving public-private partnerships – we will collectively improve our defenses.?This has to be priority one because it impacts every program, every mission.”
Faster Adoption
Brad Schulteis, Senior Director, Global Government Solutions, at Rackspace Technology, said the FITARA Scorecard results point toward the government needing to find faster ways to take advantage of innovative technologies.
“Antiquated cybersecurity practices, obsolete IT investments, and an aging workforce are the primary concerns FITARA 12 resurfaces,” Schulteis said. “A lack of a universal cyber risk management practice across the Federal government continues to hinder cybersecurity posture of the Federal IT landscape. So, the question is, how does government start to break the constraints that are holding them back from truly accelerating modernization efforts,” he asked.
“Government needs to incentivize industry to bring their innovative cloud solutions to the government, not penalize them for trying,” he suggested. “Government must continue to find ways to improve FedRAMP and reduce industry’s burdens for no other reason than offloading their own FISMA requirements. Additionally, Federal procurement and acquisition must modernize to align with the times and challenges. When it takes 6-12 months to buy an ‘innovative’ solution, the innovation is gone. Government needs to investigate entirely new procurement methods to better align with how services can be utilized in scalable ways rather than traditional contracting models.”